I have asked this question before but did not get a proper answer. I have a Debian machine that often changes its networks, so I rely on DHCP and cannot set a static route. So DHCP automatically creates two IP routes: The default route (0.0.0.0/0 → Gateway) and one for the local network (e.g. 10.1.0.0/16 → Gateway). My problem is that I want to route all my traffic through WireGuard. This causes the WireGuard route (0.0.0.0/0 → wg0) and the local route to overlap. The local one (e.g. 10.1.0.0/16) is more specific and thus preferred. Is there any way to suppress the creation of these routes? I have been looking for a solution for several days ...
The OS is debian based btw – Jonathan Aug 22 '22 at 18:40
Why do you want to route RFC1918 private network addresses via Wireguard? The local network route is necessary so that you can communicate with other hosts on the same IP subnet. – Tero Kilkanen Aug 22 '22 at 20:57
@TeroKilkanen If I'm on insecure networks, I don't need to reach other hosts on the network except for the gateway. And via WireGuard I want to be able to reach the hosts at my home. – Jonathan Aug 22 '22 at 21:29
2 Answers
DHCP is the protocol that computers use to get an IP address from their router. The router responds with the computer's IP address, router's IP address and subnet size, so that the computers know their IP address and how to forward packets to the internet.
The subnet size is decided by whoever installed the router. All client devices in the network should use the same subnet size to avoid subtle issues.
However, if you still want to delete the local subnet route, you need to have another route set up to tell the networking stack how to send packets to your router. You need to create a hook in the DHCP client that does the following:

Example IP addresses: Router `192.168.10.1`, Computer `192.168.10.2`

- Calculate the minimum subnet that covers both the router's IP address and the computer's received IP address. In the example case, the smallest subnet that covers these addresses is `192.168.10.0/30`.
- Add a route that forwards the `192.168.10.0/30` subnet via your network interface.
- Delete the wider DHCP added route.

Even with this method, you can still have address overlap between your home network and the network connection you are using. I have personally solved this issue by using a subnet in `172.16/12` space in my home network. To my knowledge, it is the least used prefix for networks, therefore conflicts are very unlikely.
Even though implementing the narrowing of the local network route is possible, I don't recommend doing it; it can have nasty side-effects.
If I were you, I would just simply renumber my local network so that collision is unlikely.

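The three hook steps from the answer above (smallest covering subnet, add the narrow route, delete the wider one), as an added example that is not part of the original answer. The function names, the `eth0` interface and the choice to print the `ip route` commands instead of running them are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original answer): narrow the DHCP on-link route.
# All function names are hypothetical; addresses are the answer's examples.

# Dotted quad -> 32-bit integer (subshell body keeps the IFS change local).
ip_to_int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# 32-bit integer -> dotted quad.
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Smallest CIDR block containing both addresses.
covering_prefix() (
    a=$(ip_to_int "$1")
    b=$(ip_to_int "$2")
    diff=$(( a ^ b ))
    len=32
    # Every bit position up to the highest differing bit must be a host bit.
    while [ "$diff" -ne 0 ]; do
        diff=$(( diff >> 1 ))
        len=$(( len - 1 ))
    done
    mask=$(( (4294967295 << (32 - len)) & 4294967295 ))
    echo "$(int_to_ip $(( a & mask )))/$len"
)

# Print the two route changes from the steps above; print nothing and return 1
# when the DHCP subnet is already the smallest block (nothing to narrow).
# Args: interface, client IP, router IP, DHCP-assigned subnet in CIDR form.
narrow_route_cmds() (
    narrow=$(covering_prefix "$2" "$3")
    [ "$narrow" = "$4" ] && return 1
    echo "ip route add $narrow dev $1"
    echo "ip route del $4 dev $1"
)

# Constructed sample run using the answer's example addresses.
narrow_route_cmds eth0 192.168.10.2 192.168.10.1 192.168.10.0/24
```

When the router and client sit far apart in the subnet (for example `.2` and `.253` in a /24), the covering block equals the DHCP subnet and there is nothing to narrow.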
The problem is that if I change the network daily, I can't tell what IP the router and client will have. Otherwise I would set a static configuration and delete the second local route, then everything would work, but I would have to reconfigure the machine every day. – Jonathan Aug 22 '22 at 22:32
Even if you would change the network you use with your client daily, it is highly unlikely that you will hit the same prefix as your local network, when you use something from `172.16/12` prefix. – Tero Kilkanen Aug 23 '22 at 05:55
Please use English at ServerFault. Does Docker really use the full `172.16/12` CIDR block? I don't think that is the case. Anyway, you could then pick something in the `10/8` block, for example `10.254.231.0/24`. – Tero Kilkanen Aug 23 '22 at 16:04
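I have now solved the problem for me by creating an executable file with:

```bash
#!/bin/bash
# Delete the first kernel-added on-link (local subnet) route on ens18.
# The command substitution stays unquoted so the route line splits into arguments.
ip route del $(ip route | grep "dev ens18 proto kernel scope link" | head -1)
```

in `/etc/network/if-up.d/`. I know the solution is not very nice, but I have not found a better solution for me.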
